IMF Warns AI Cyber Attacks Threaten Financial Stability

The International Monetary Fund published an article on 7 May warning that next-generation artificial intelligence tools in the hands of attackers will "undermine financial stability". The organisation said advanced models can exploit vulnerabilities by allowing hackers to scale operations rapidly across interconnected systems used by banks, payment providers and financial institutions.

According to the IMF, severe cyber incidents could trigger funding pressures, damage confidence and disrupt wider markets if multiple institutions are hit simultaneously.

Financial firms increasingly rely on shared digital infrastructure spanning cloud platforms, software providers and payment networks. The organisation said this concentration of technology providers increases the risk of a single weakness spreading across the financial system.

"AI in cybersecurity offers huge potential to improve detection, speed up response times and strengthen defences," says Andy Ward, SVP International at Absolute Security. "However, with emerging AI tools such as Claude Mythos, cyber threats are also becoming smarter and faster."

"In the wrong hands, it is inevitable that businesses will face increasingly sophisticated attacks. Without robust cyber resilience strategies and real-time visibility, the finance sector risks sleepwalking into deeper vulnerabilities."

AI tools automate attacks

The IMF highlighted concerns around advanced artificial intelligence cyber models capable of automating attacks at machine speed. The report cited Anthropic's latest model, Claude Mythos Preview, as an example of how rapidly these capabilities are evolving.

Tools of this nature can dramatically reduce the time and cost required to identify weaknesses in heavily guarded operating systems and browsers. The organisation said the power dynamics shift when less experienced attackers gain access to such capabilities.

The IMF warned that offensive capabilities may soon outpace existing cyber defences.

The organisation argued that cyber threats are no longer isolated operational issues but increasingly systemic financial risks. A successful attack affecting shared infrastructure could disrupt payments, restrict access to liquidity and create wider instability across markets.

Andrew Bailey, Governor of the Bank of England, warned that AI systems could "crack the whole cyber risk world open". The concern is shared across multiple regulatory bodies monitoring financial stability.

Resilience must complement prevention

According to the IMF, artificial intelligence could strengthen cyber defence if deployed responsibly. Financial institutions are already using capable tools to detect fraud, identify vulnerabilities and improve incident response times.

However, the organisation said prevention alone would not be enough and warned that cyber breaches are ultimately inevitable. "Defences will inevitably be breached, so resilience must also be a priority, specifically to limit how far incidents spread and ensure rapid recovery," IMF notes.

"Controls to stop the spread of attacks can prevent local breaches from escalating into system-wide disruptions. These measures are often costly and complex, but they are among the most effective tools for containing AI-enabled attacks."

The IMF warned that emerging markets could be disproportionately vulnerable due to weaker cyber resilience and limited resources. As artificial intelligence capabilities become more widely available, the organisation said inconsistent regulation and oversight between countries could create weak points within the global financial system.

Data management affects exposure

Stuart Harvey, CEO of Datactics, warned that poor data management could make cyber incidents more damaging. "If your data is a mess, then security teams don't stand a chance in the event of a cyber attack or data breaches," he said.

"Messy data increases exposure and makes breaches harder to contain. Good security starts with good data discipline and if you don't know your data, you can't protect it."

The IMF called for greater international cooperation, stronger information sharing and improved cyber resilience standards to reduce the risk of large-scale disruption. It urged regulators to treat cybersecurity as a core financial stability issue rather than simply a technical challenge.

The organisation warned that the pace of artificial intelligence development means authorities must move quickly to strengthen defences before risks escalate further.